Get Audit Management Log

Cortex Xpanse REST API

post /public_api/v1/audits/management_logs/

- Response is concatenated using AND condition (OR is not supported).
- Maximum result set size is 100.
- Offset is the zero-based number of incidents from the start of the result set.

Get audit management logs.

CURL
curl -X POST \ -H "Accept: application/json" \ -H "Content-Type: application/json" -H "authorization: {{api_key}}" -H "x-xdr-auth-id: {{api_key_id}}" \ "https://api-}/public_api/v1/audits/management_logs/" \ -d '{ "request_data" : { "search_from" : 0, "next_page_token" : "next_page_token", "filters" : [ { "field" : "email", "value" : 0, "operator" : "in" }, { "field" : "email", "value" : 0, "operator" : "in" } ], "sort" : { "field" : "timestamp", "keyword" : "desc" }, "search_to" : 0, "use_page_token" : true } }'
Request headers
authorization
required
String
api-key
Example: {{api_key}}
x-xdr-auth-id
required
String
api-key-id
Example: {{api_key_id}}
Request
Body
required
Note: You can send a request to retrieve either all or filtered results.
request_data
required
Object
filters
optional
Array of objects
field
optional
String (Enum)
Allowed values:
email
type
sub_type
result
timestamp
audit_id
operator
optional
String (Enum)
Allowed values:
in
neq
eq
lte
gte
value
optional
Integer
search_from
optional
Integer
search_to
optional
Integer
sort
optional
Object
field
optional
String (Enum)
Allowed values:
sub_type
result
timestamp
audit_id
type
keyword
optional
String (Enum)
Allowed values:
ASC
asc
DESC
desc
use_page_token
optional
Boolean
next_page_token
optional
String
This attribute is only returned if use_page_token is provided in the request with value true
Responses

Successful response

Body
reply
required
Object
total_count
required
Integer
result_count
required
Integer
data
required
Array of objects
AUDIT_ID
optional
Integer
AUDIT_OWNER_NAME
optional
String
AUDIT_OWNER_EMAIL
optional
String
AUDIT_ASSET_JSON
optional
Object
AUDIT_ASSET_NAMES
optional
String
AUDIT_HOSTNAME
optional
String
AUDIT_RESULT
optional
String
AUDIT_REASON
optional
String
AUDIT_DESCRIPTION
optional
String
AUDIT_ENTITY
optional
String (Enum)
Allowed values:
LIVE_TERMINAL
RULES
RULES_EXCEPTIONS
AUTH
RESPONSE
INCIDENT_MANAGEMENT
ALERT_MANAGEMENT
INCIDENT_TIMELINE_EVENT
ENDPOINT_MANAGEMENT
ENDPOINT_GROUPS
ALERT_WHITELIST
PUBLIC_API
DISTRIBUTIONS
STARRED_INCIDENTS
POLICY_PROFILES
DEVICE_CONTROL_PROFILES
DEVICE_CONTROL_POLICY
PROTECTION_PROFILES
DEVICE_CONTROL_PROFILE
HOST_FIREWALL_PROFILE
HOST_DISK_ENCRYPTION_PROFILE
POLICY_RULES
PROTECTION_POLICY
DEVICE_CONTROL_TEMP_EXCEPTIONS
DEVICE_CONTROL_GLOBAL_EXCEPTIONS
DEVICE_CONTROL_CUSTOM_DEVICE
GLOBAL_EXCEPTIONS
MSSP
REPORTING
DASHBOARD
BROKER_API
BROKER_VM
MTH
MDR
ALERT_NOTIFICATIONS
INTEGRATIONS
QUERY
SCRIPT_EXECUTION
ALERT_RULES
COLLECTION
API_KEY
EDL
VA_RESCAN_ENDPOINT
HI_RESCAN_ENDPOINT
REMEDIATION
INGEST_DATA
LICENSING
AGENT_CONFIGURATION
PERMISSIONS
SCORING_RULES
LAYOUT_RULES
PLAYBOOK_TRIGGERS
FEATURED_ALERT_FIELDS
SYSTEM
TENANT_TAKEOVER
SCOUTER_POLICY
SCOUTER_PROFILE
SCOUTER_GROUPS
ALLOWED_DOMAINS
QUERY_LIBRARY
TENANT_CONFIGURATION
SCOUTER_CONFIGURATION
HOST_FIREWALL
XIF
XDM
ACTION_CENTER
XCLOUD_INTEGRATION
DATASETS
XSOAR
SECURITY_SETTINGS
ALERT_EXCLUSION
INDICATOR_RULES
EVENT_FORWARDING
ASSET_INVENTORY
SERVER_SETTINGS
ASSET_ROLES
CUSTOM_FIELDS
AUTOMATION_RULES
AGENT_EXCEPTION_RULES
REMEDIATION_PATH_RULES
AUDIT_ENTITY_SUBTYPE
optional
String
AUDIT_SESSION_ID
optional
String
AUDIT_CASE_ID
optional
String
AUDIT_INSERT_TIME
optional
Integer
AUDIT_SEVERITY
optional
String
AUDIT_LINK
optional
String
AUDIT_SOURCE_IP
optional
String
AUDIT_USER_AGENT
optional
String
AUDIT_USER_ROLES
optional
Array of strings

Bad Request. Got an invalid JSON.

Body
reply
required
Object
The query results upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
err_extra
optional
String
Additional information describing the error.

Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.

Body
reply
required
Object
The query results upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
err_extra
optional
String
Additional information describing the error.

Unauthorized access. User does not have the required license type to run this API.

Body
reply
required
Object
The query results upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
err_extra
optional
String
Additional information describing the error.

Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.

Body
reply
required
Object
The query results upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
err_extra
optional
String
Additional information describing the error.

Unprocessable Entity

Body
code
optional
Integer
Error code
status
optional
String
Error name
message
optional
String
Error message
errors
optional
Object
Errors

Internal server error. A unified status for API communication type errors.

Body
reply
required
Object
The query results upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
err_extra
optional
String
Additional information describing the error.